|
 |
9119d9 |
From d4b88a0c0def14366ef18bd6ab18689f0bbd18f7 Mon Sep 17 00:00:00 2001
|
|
|
9119d9 |
Message-Id: <d4b88a0c0def14366ef18bd6ab18689f0bbd18f7@dist-git>
|
|
|
9119d9 |
From: Peter Krempa <pkrempa@redhat.com>
|
|
|
9119d9 |
Date: Fri, 21 Nov 2014 09:53:04 +0100
|
|
|
9119d9 |
Subject: [PATCH] storage: qemu: Fix security labelling of new image chain
|
|
|
9119d9 |
elements
|
|
|
9119d9 |
|
|
|
9119d9 |
When creating a disk image snapshot the libvirt code would blindly copy
|
|
|
9119d9 |
the parents label to the newly created image. This runs into problems
|
|
|
9119d9 |
when you start a VM from an image hosted on NFS (or other storage system
|
|
|
9119d9 |
that doesn't support selinux labels) and the snapshot destination is on
|
|
|
9119d9 |
a storage system that does support selinux labels. Libvirt's code in
|
|
|
9119d9 |
that case generates a different security label for the image hosted on
|
|
|
9119d9 |
NFS. This label is valid only for NFS images and doesn't allow access in
|
|
|
9119d9 |
case of a locally stored image.
|
|
|
9119d9 |
|
|
|
9119d9 |
To fix this issue libvirt needs to refrain from copying security
|
|
|
9119d9 |
information in cases where the default domain seclabel is a better
|
|
|
9119d9 |
choice.
|
|
|
9119d9 |
|
|
|
9119d9 |
This patch repurposes the now unused @force argument of
|
|
|
9119d9 |
virStorageSourceInitChainElement to denote whether a copy of the
|
|
|
9119d9 |
security labelling stuff should be attempted or not. This allows to
|
|
|
9119d9 |
fine-control the copy operation for cases where we need to keep the
|
|
|
9119d9 |
label of the old disk vs. the cases where we need to keep the label
|
|
|
9119d9 |
unset to use the default domain imagelabel.
|
|
|
9119d9 |
|
|
|
9119d9 |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718
|
|
|
9119d9 |
(cherry picked from commit 7e130e8b3505ce0f821081dffde8c13a7ff921b3)
|
|
|
9119d9 |
|
|
|
9119d9 |
Conflicts:
|
|
|
9119d9 |
src/qemu/qemu_driver.c - functional: new block copy api not
|
|
|
9119d9 |
backported
|
|
|
9119d9 |
src/util/virstoragefile.c - context: single line block cleanup
|
|
|
9119d9 |
not backported
|
|
|
9119d9 |
|
|
|
9119d9 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
9119d9 |
---
|
|
|
9119d9 |
src/qemu/qemu_driver.c | 2 +-
|
|
|
9119d9 |
src/qemu/qemu_process.c | 2 +-
|
|
|
9119d9 |
src/util/virstoragefile.c | 17 +++++++----------
|
|
|
9119d9 |
3 files changed, 9 insertions(+), 12 deletions(-)
|
|
|
9119d9 |
|
|
|
9119d9 |
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
|
|
9119d9 |
index 8e6ef1e..5d2a335 100644
|
|
|
9119d9 |
--- a/src/qemu/qemu_driver.c
|
|
|
9119d9 |
+++ b/src/qemu/qemu_driver.c
|
|
|
9119d9 |
@@ -16064,7 +16064,7 @@ qemuDomainBlockCommit(virDomainPtr dom,
|
|
|
9119d9 |
goto endjob;
|
|
|
9119d9 |
if (virStorageSourceInitChainElement(mirror,
|
|
|
9119d9 |
disk->src,
|
|
|
9119d9 |
- false) < 0)
|
|
|
9119d9 |
+ true) < 0)
|
|
|
9119d9 |
goto endjob;
|
|
|
9119d9 |
}
|
|
|
9119d9 |
|
|
|
9119d9 |
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
|
|
9119d9 |
index d6e10e3..fa8b7f8 100644
|
|
|
9119d9 |
--- a/src/qemu/qemu_process.c
|
|
|
9119d9 |
+++ b/src/qemu/qemu_process.c
|
|
|
9119d9 |
@@ -1063,7 +1063,7 @@ qemuProcessHandleBlockJob(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
|
|
|
9119d9 |
copy = virStorageSourceCopy(disk->mirror, false);
|
|
|
9119d9 |
if (virStorageSourceInitChainElement(copy,
|
|
|
9119d9 |
persistDisk->src,
|
|
|
9119d9 |
- false) < 0) {
|
|
|
9119d9 |
+ true) < 0) {
|
|
|
9119d9 |
VIR_WARN("Unable to update persistent definition "
|
|
|
9119d9 |
"on vm %s after block job",
|
|
|
9119d9 |
vm->def->name);
|
|
|
9119d9 |
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
|
|
|
9119d9 |
index 6e6ee08..d58f9ed 100644
|
|
|
9119d9 |
--- a/src/util/virstoragefile.c
|
|
|
9119d9 |
+++ b/src/util/virstoragefile.c
|
|
|
9119d9 |
@@ -1894,29 +1894,26 @@ virStorageSourceCopy(const virStorageSource *src,
|
|
|
9119d9 |
* virStorageSourceInitChainElement:
|
|
|
9119d9 |
* @newelem: New backing chain element disk source
|
|
|
9119d9 |
* @old: Existing top level disk source
|
|
|
9119d9 |
- * @force: Force-copy the information
|
|
|
9119d9 |
+ * @transferLabels: Transfer security lables.
|
|
|
9119d9 |
*
|
|
|
9119d9 |
* Transfers relevant information from the existing disk source to the new
|
|
|
9119d9 |
* backing chain element if they weren't supplied so that labelling info
|
|
|
9119d9 |
* and possibly other stuff is correct.
|
|
|
9119d9 |
*
|
|
|
9119d9 |
- * If @force is true, user-supplied information for the new backing store
|
|
|
9119d9 |
- * element is overwritten from @old instead of keeping it.
|
|
|
9119d9 |
+ * If @transferLabels is true, security labels from the existing disk are copied
|
|
|
9119d9 |
+ * to the new disk. Otherwise the default domain imagelabel label will be used.
|
|
|
9119d9 |
*
|
|
|
9119d9 |
* Returns 0 on success, -1 on error.
|
|
|
9119d9 |
*/
|
|
|
9119d9 |
int
|
|
|
9119d9 |
virStorageSourceInitChainElement(virStorageSourcePtr newelem,
|
|
|
9119d9 |
virStorageSourcePtr old,
|
|
|
9119d9 |
- bool force)
|
|
|
9119d9 |
+ bool transferLabels)
|
|
|
9119d9 |
{
|
|
|
9119d9 |
int ret = -1;
|
|
|
9119d9 |
|
|
|
9119d9 |
- if (force) {
|
|
|
9119d9 |
- virStorageSourceSeclabelsClear(newelem);
|
|
|
9119d9 |
- }
|
|
|
9119d9 |
-
|
|
|
9119d9 |
- if (!newelem->seclabels &&
|
|
|
9119d9 |
+ if (transferLabels &&
|
|
|
9119d9 |
+ !newelem->seclabels &&
|
|
|
9119d9 |
virStorageSourceSeclabelsCopy(newelem, old) < 0)
|
|
|
9119d9 |
goto cleanup;
|
|
|
9119d9 |
|
|
|
9119d9 |
@@ -2347,7 +2344,7 @@ virStorageSourceNewFromBacking(virStorageSourcePtr parent)
|
|
|
9119d9 |
}
|
|
|
9119d9 |
|
|
|
9119d9 |
/* copy parent's labelling and other top level stuff */
|
|
|
9119d9 |
- if (virStorageSourceInitChainElement(ret, parent, false) < 0)
|
|
|
9119d9 |
+ if (virStorageSourceInitChainElement(ret, parent, true) < 0)
|
|
|
9119d9 |
goto error;
|
|
|
9119d9 |
}
|
|
|
9119d9 |
|
|
|
9119d9 |
--
|
|
|
9119d9 |
2.1.3
|
|
|
9119d9 |
|